How do I go about reporting PCI DSS?

Clayto1332

Feb 10, 2015
A few years ago I worked for an IT field work company and was their networking guy. I did some work for a major fast food restaurant franchise that needed to get into their Netopia combo modem/router, but the guy that set it up could not be reached, so it had to be defaulted and set back up. Attached to the LAN was a Linksys WRT54G that was obviously put there by someone to add an unsecured wireless guest network. After getting done with the project I told the manager there that the way this is set up is a big PCI DSS violation and anyone that gets on your wireless network can "see" and access anything on your wired LAN, INCLUDING their entire IP-based POS system. The manager listened and took the advice.

A couple of days later the owner of this location called my company bitching, saying they need guest Wi-Fi. I finally talked to him over the phone and explained that if he wants a guest Wi-Fi network he needs to get either a firewall capable of having two separate LANs that aren't routable to each other, or a completely separate internet connection (the company I was with was also a DSL provider and their basic would have been 35 dollars per month). His cheap ass goes on to say that they are "just a fast food store" and don't make enough money to spend on this. Hell, I told him to just NOT DO A GUEST WI-FI NETWORK.... Finally I refused to do it, received an ass-chewing from the folks I worked for, and they sent another guy with the company out to plug in and hook up the wireless router....

Fast forward 3 or 4 years to now. I'm in town working and stop there to eat. I remember all that BS, whip out my phone and hop on their wireless network. Traceroute still shows the exact same double-NATed router for the guest network, and I could still see and get to all of their POS equipment, MAC addresses included.

THIS TYPE OF THING IS HOW FOLKS GET THEIR IDENTITIES AND CARD INFORMATION STOLEN... How in the hell can I report this? Everything I find online says there either has to be an incident that is investigated or it has to be reported to the credit card companies directly. Is there not a hotline or someone to email? I don't even care about a monetary award or anything like that.

TL;DR: Cheap-ass business owner knows of security hole and refuses to do anything about it because of the expense required. How can I report this and who do I report this to?
 
How about contacting American Express, Visa, or Mastercard? They'll surely want to know if one of their agents has an insecure setup. You might like to inform the owner of your intentions first, to give him one last chance.